CubeCart 6.1.12 - Admin Authentication Bypass

8 min read 17 Jan 2018 by Robin Peraglie
CubeCart is an open source e-commerce solution. In one of our latest security analyses, we found two flaws in this web application that allow an attacker to circumvent the authentication mechanism required to log in as an administrator (CVE-2018-20716). Once bypassed, an attacker can execute arbitrary code on the web server and steal all sensitive files and data.

Shopware 5.3.3: PHP Object Instantiation to Blind XXE

8 min read 8 Nov 2017 by Karim El Ouerghemmi
Shopware is a popular e-commerce software. Within only 4 minutes, RIPS discovered two vulnerabilities in the code, which is based on Symfony, Doctrine and the Zend Framework. In this blog post we investigate the exploitation of one of these: a rare PHP object instantiation vulnerability (CVE-2017-18357).

flatCore CMS 1.4.6: Remote Code Execution and Easteregg

5 min read 17 Oct 2017 by Dennis Detering
flatCore is a lightweight Content Management System (CMS) based on PHP and SQLite. We tested the latest stable version 1.4.6 with RIPS and detected, among others, a critical persistent cross-site scripting vulnerability (CVE-2017-1000428) that can be used by an unauthenticated adversary to attack administrators and to execute PHP code on the web server.

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection

6 min read 20 Sep 2017 by Robin Peraglie
With over 84 million downloads, Joomla! is one of the most popular content management systems. Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller. This one vulnerability could allow remote attackers to leak the super user password and to fully take over any Joomla! <= 3.7.5 installation that uses LDAP for authentication.

SugarCRM's Security Diet - Multiple Vulnerabilities

10 min read 14 Sep 2017 by Robin Peraglie
SugarCRM is one of the most popular customer relationship management solutions. RIPS uncovered critical security issues that could allow attackers to steal customer data or sensitive files from the server.